# Contriburo: Łukasz Jendrysik <scadu@yandex.com>
# Contributor: Michael Mason <ms13sp@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=gnutls
pkgver=3.8.3
pkgrel=0
pkgdesc="TLS protocol implementation"
url="https://www.gnutls.org/"
arch="all"
license="LGPL-2.1-or-later"
checkdepends="diffutils datefudge"
makedepends="
	libidn2-dev
	libkcapi-dev
	libtasn1-dev
	libunistring-dev
	linux-headers
	nettle-dev
	p11-kit-dev
	texinfo
	zlib-dev
	"
subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev $pkgname-utils $pkgname-c++:xx"
_v=${pkgver%.*}
case $pkgver in
*.*.*.*) _v=${_v%.*};;
esac
source="https://www.gnupg.org/ftp/gcrypt/gnutls/v$_v/gnutls-$pkgver.tar.xz
	skip-ktls.patch
	"

# Upstream Tracker: https://gnutls.org/security-new.html
# secfixes:
#   3.8.3-r0:
#     - CVE-2023-5981
#     - CVE-2024-0553
#     - CVE-2024-0567
#   3.8.0-r0:
#     - CVE-2023-0361
#   3.7.7-r0:
#     - CVE-2022-2509 GNUTLS-SA-2022-07-07
#   3.7.1-r0:
#     - CVE-2021-20231 GNUTLS-SA-2021-03-10
#     - CVE-2021-20232 GNUTLS-SA-2021-03-10
#   3.6.15-r0:
#     - CVE-2020-24659 GNUTLS-SA-2020-09-04
#   3.6.14-r0:
#     - CVE-2020-13777 GNUTLS-SA-2020-06-03
#   3.6.13-r0:
#     - CVE-2020-11501 GNUTLS-SA-2020-03-31
#   3.6.7-r0:
#     - CVE-2019-3836
#     - CVE-2019-3829
#   3.5.13-r0:
#     - CVE-2017-7507

prepare() {
	default_prepare

	# tries to do local networking, "Failed to connect to server"
	sed -i 's/cert-reencoding.sh//' tests/Makefile*
}

build() {
	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--sysconfdir=/etc \
		--mandir=/usr/share/man \
		--infodir=/usr/share/info \
		--enable-ktls \
		--disable-openssl-compatibility \
		--disable-rpath \
		--disable-static \
		--disable-valgrind-tests
	make
}

check() {
	# millis, 100s
	export GNUTLS_TEST_TIMEOUT=100000
	make check 	|| {
		cat tests/test-suite.log
		return 1
	}
}

package() {
	DESTDIR="$pkgdir" make -C "$builddir" install
}

utils() {
	license="GPL-3.0-or-later"
	pkgdesc="Command line tools for TLS protocol"
	mkdir -p "$subpkgdir"/usr/
	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}

xx() {
	pkgdesc="The C++ interface to GnuTLS"
	mkdir -p "$subpkgdir"/usr/lib
	mv "$pkgdir"/usr/lib/lib*xx.so.* "$subpkgdir"/usr/lib/
}

sha512sums="
74eddba01ce4c2ffdca781c85db3bb52c85f1db3c09813ee2b8ceea0608f92ca3912fd9266f55deb36a8ba4d01802895ca5d5d219e7d9caec45e1a8534e45a84  gnutls-3.8.3.tar.xz
0913e95e58c509c5bb3463cce262741486ada05e283f770a0ef9bf88956e1b87224070036d32069a6d0b6cb880253627890aee98edb5f1b07acf26a97bc19cee  skip-ktls.patch
"
